CLI Injection
If you ever need to use the command line (aka shell) to run another program, typically through:
- system()
- shell_exec()
- exec()
- popen()
- passthru()
- backtick operators - avoid
The command you want to execute should be passed through escapeshellcmd(), and any arguments should be passed through escapeshellarg().
For example:
system('ls ' . escapeshellarg($dir));
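The unescaped concatenation next to the escaped form, as an added example that is not part of the original page. The helper build_command() and the sample value of $dir are hypothetical, and a Unix-like shell with ls is assumed.

```php
<?php
// Added example; build_command() and the sample input are hypothetical.

/**
 * Build a shell command line: the program name goes through escapeshellcmd(),
 * every argument goes through escapeshellarg().
 */
function build_command(string $program, array $args): string
{
    $parts = [escapeshellcmd($program)];
    foreach ($args as $arg) {
        $parts[] = escapeshellarg((string) $arg);
    }
    return implode(' ', $parts);
}

// Constructed input standing in for a request parameter.
$dir = '/tmp; echo INJECTED';

// Unsafe: the shell treats ";" as a command separator, so a second command runs.
// This string is only printed here, never executed.
$unsafe = 'ls ' . $dir;

// Safe: the whole value reaches ls as one quoted argument.
// "--" tells ls that no options follow, so a value such as "-la" stays a file name
// (escapeshellarg() quotes the value but does not stop it being read as an option).
$safe = build_command('ls', ['--', $dir]);

echo "unsafe: $unsafe\n";
echo "safe:   $safe\n";

// Run only the escaped form and check the exit status instead of assuming success.
exec($safe . ' 2>&1', $output, $status);
echo "exit status: $status\n";
echo implode("\n", $output), "\n";
```

Escape each argument separately and do not run escapeshellcmd() over a string that already contains escapeshellarg() output.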